hacla.org

Group: cactus

Discovered by ransomware.live: 2024-10-31

Estimated attack date: 2024-10-01

Country: US

Description:

Federal.

“The Housing Authority of the City of Los Angeles (HACLA) is a public agency established in 1938 to provide affordable housing options to low-income residents of Los Angeles.”

Website: https://www.hacla.org/

Revenue: $1.9B

Address: 2600 Wilshire Blvd Fl 5, Los Angeles, California, 90057, United States

Phone Number: (213) 252-5313

DATA DESCRIPTIONS: Personal Identifiable Information, actual database backups, financial documents, executives\employees personal data, customer personal information, corporate confidential data and correspondence, etc.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 8

Third Party Employee Credentials: 0


External Attack Surface: 6



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • hacla.org.2.arsmtp.com.
  • hacla.org.1.arsmtp.com.
TXT Records
  • v=spf1 mx ip4:67.229.241.250 ip4:32.141.75.218 ip4:98.153.72.242 ip4:209.11.249.250 include:asp-spf1.yardi.com include:asp-spf2.yardi.com include:spf.protection.outlook.com -all
Cloud / SaaS Services Detected
Microsoft 365
